Microsoft Windows NetBIOS Information Disclosure

1999-06-07T00:00:00
ID OSVDB:13577
Type osvdb
Reporter OSVDB
Modified 1999-06-07T00:00:00

Description

Vulnerability Description

Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when NetBIOS port 137 (UDP) is open and responds to wildcard requests. By sending such a request, an attacker may be able to disclose the computer name, workgroup, domain name, file server service and MAC address.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Block inbound connections to port 137 (UDP).

Short Description

Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when NetBIOS port 137 (UDP) is open and responds to wildcard requests. By sending such a request, an attacker may be able to disclose the computer name, workgroup, domain name, file server service and MAC address.

References:

Vendor URL: http://www.microsoft.com/ OVAL ID: 1024 Nessus Plugin ID:10150 ISS X-Force ID: 8516 CVE-1999-0621